EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Technology
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
EASM
Common mistakes
Hacker perspective

GET /EASM HTTP/2
What exactly is EASM?
What does it cover?
Why is it important?

GET /common_mistakes HTTP/2
Lack of Change Management
Not respecting Least Privilege
Misconfigured WAFs
Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions? More questions?
DMs are open on and